> Hi
>
>     This is my piece of program:
>
>     EVP_CIPHER_CTX_init(&ctx);
>     ret = EVP_CIPHER_CTX_set_padding(&ctx, 0); // 0 for no padding, 1 for padding  // ret == 1 here
>     unsigned char *key = GetKeyPtr();
>     ret = EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), NULL, NULL);  // ret == 1 here
>     ret = EVP_CIPHER_CTX_set_key_length(&ctx, 16);  // ret ==1 here
>     ret = EVP_EncryptInit(&ctx, NULL, key, NULL);  // ret ==1 here
> ///...
>     unsigned char buffer[128];
>     int outl;
>     int len=0;
>
>     ret = EVP_EncryptUpdate(&ctx, buffer, &outl, (unsigned char *)in, 16);  // ret == 1 here
>     len += outl;  // == 16

Why is this line here? The output buffer doesn't contain the final output
yet, so there's no reason to add the length to the final length.

>     ret = EVP_EncryptFinal(&ctx, buffer+len, &outl);  // ret ==1 here
>     len += outl;   // == 32
> ///...
>
> Should len equal 16 at the end? But why is the result 32? Can
> anyone tell me the reason?

You added the same data twice. If you want to find *new* data that has been
output, you have to look at the *change* in 'outl'. It is both an input and
an output parameter.

If you always want 'len' to contain the amount of output data, you need a
'len -= outl' before you call EVP_EncryptFinal. Whether it makes sense to do
that or just eliminate the 'len += outl' above depends on what you're doing
with the intermediate results. Since your example does nothing with the
intermediate results, it makes no sense to add their size to 'len'.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
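
How the two `outl` values in an Update/Final sequence come about for a 16-byte block cipher, as an added example that is not part of the original thread and is not OpenSSL code. `toy_ctx`, `toy_update`, `toy_final` and `total_len` are hypothetical names; the block transform is a stand-in XOR, and the model assumes the documented length behaviour of EVP_EncryptUpdate and EVP_EncryptFinal with padding on or off.

```c
#include <string.h>
#define BLK 16

/* Hypothetical toy context: models EVP-style block buffering only. */
typedef struct { unsigned char buf[BLK], key[BLK]; int used, pad; } toy_ctx;

/* Stand-in block transform (XOR with key): NOT AES, no CBC chaining. */
static void toy_block(const toy_ctx *c, unsigned char *out, const unsigned char *in) {
    for (int i = 0; i < BLK; i++) out[i] = (unsigned char)(in[i] ^ c->key[i]);
}
static void toy_init(toy_ctx *c, const unsigned char *key, int pad) {
    memcpy(c->key, key, BLK); c->used = 0; c->pad = pad;
}
/* Emits each completed block; *outl receives the bytes written by this call. */
static int toy_update(toy_ctx *c, unsigned char *out, int *outl,
                      const unsigned char *in, int inl) {
    *outl = 0;
    while (inl > 0) {
        int n = BLK - c->used;
        if (n > inl) n = inl;
        memcpy(c->buf + c->used, in, (size_t)n);
        c->used += n; in += n; inl -= n;
        if (c->used == BLK) {
            toy_block(c, out + *outl, c->buf);
            *outl += BLK; c->used = 0;
        }
    }
    return 1;
}
/* Padding on: always one more block (PKCS#7). Off: no output, fails on leftover. */
static int toy_final(toy_ctx *c, unsigned char *out, int *outl) {
    *outl = 0;
    if (!c->pad) return c->used == 0;
    memset(c->buf + c->used, BLK - c->used, (size_t)(BLK - c->used));
    toy_block(c, out, c->buf);
    *outl = BLK; c->used = 0;
    return 1;
}
/* Total output length for inl zero bytes (0..64), or -1 on failure. */
int total_len(int pad, int inl) {
    static const unsigned char key[BLK] = "constructed key"; /* constructed sample */
    unsigned char in[64] = {0}, out[64 + BLK];
    toy_ctx c; int outl, len = 0;
    if (inl < 0 || inl > 64) return -1;
    toy_init(&c, key, pad);
    if (!toy_update(&c, out, &outl, in, inl)) return -1;
    len += outl;                       /* bytes from the update call */
    if (!toy_final(&c, out + len, &outl)) return -1;
    return len + outl;                 /* plus bytes from the final call */
}
```

With padding enabled, 16 input bytes give a total of 32; with padding disabled the total is 16. OpenSSL's documentation for EVP_CIPHER_CTX_set_padding says to call it after the context has been set up with EVP_EncryptInit_ex.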